 <?php 


$username = $_POST['username'];
$password = $_POST['password'];

include("opendb.php");
include("functions.php");
$res = isValidUser($username,$password);
if($res!=1) {
echo "0";
exit;
}

$active = 'account';
$xmlout="<listings>\n\t";


$query = "select * from Users where Username='".$username."'";
$result = mysql_query($query) or die ("SQL Error".mysql_error());
$row=mysql_fetch_assoc($result);
$userid = $row['ID'];

	$query = "select p.* from PROPERTIES p inner join Prop_Owner_Con c on p.OID = c.Prop_OID where c.Owner = '".$userid."' and LISTSTATUS in('ACTIVE','PENDING','SOLD','WITHDRAWN','EXPIRED','DO_NOT_DISPLAY','COMMING_SOON') order by LISTSTATUS";
	$result = mysql_query($query) or die ("SQL Error".mysql_error());
	if(mysql_num_rows($result))
	{
	 		 	
			while($row=mysql_fetch_assoc($result))
				{
				$sqlv = "Select sum(Views) as Views from Listing_Views where Listing_ID = '".$row['OID']."'";
				$resultv = mysql_query($sqlv) or die ("SQL Error".mysql_error());
				$rowv=mysql_fetch_assoc($resultv);		
				
				$sqlb = "Select Blog_URL from User_Blog_Listings where Listing_ID = '".$row['OID']."'";
				$resultb = mysql_query($sqlb) or die ("SQL Error".mysql_error());
				$rowb=mysql_fetch_assoc($resultb);	
				///%
				$xmlout.= "<listing>\n\t\t";		
				$xmlout.= "<streetnum>".$row['STREETNUM']."</streetnum>\n\t\t\t";
				$xmlout.= "<streetname>".$row['STREETNAME']."</streetname>\n\t\t\t";
				$xmlout.= "<streetsuffix>".$row['STREETSUFFIX']."</streetsuffix>\n\t\t\t";
     			$xmlout.= "<totalviews>".$rowv['Views']."</totalviews>\n\t\t\t";
				$xmlout.= "<oid>".$row["OID"]."</oid>\n\t\t\t";
				$xmlout.= "<blogurl>".$rowb["Blog_URL"]."</blogurl>\n\t\t\t";
				$xmlout.= "<status>".$row["LISTSTATUS"]."</status>\n\t"; 
				$xmlout.= "</listing>\n";		
				}
			
			}
$xmlout.= "</listings>";
echo $xmlout;
			?>